[cvsnt] ACLs, permissions, readers/writers, etc

Mike Wake mike.wake at thales-tts.com
Thu Aug 19 17:26:40 BST 2004 

Heya Ruth,

This is just a guess but you you might need

Repository0Name=/cvs/repo/java
Repository1Name=/cvs/repo/sites

as well as

Repository0=/cvs/repo/java
Repository1=/cvs/repo/sites

in your /etc/cvsnt/PServer file.

Cheers
Mikew

Ruth, Brice wrote:

> Good morning.
> 
> I have setup CVSNT 2.0.51c on a RedHat Enterprise Linux ES 2.1 box, with 
> PAM security, accessing the repository via :pserver:. My goal, in short, 
> is to provide a particular group of users (defined in Active Directory, 
> accessed via winbind) with r,w,c access to all modules, all branches. 
> Then, provide a second group of users (also defined in Active Directory) 
> with only r access to certain branches of certain modules, and r,w,c 
> access to other branches of those modules.
> 
> Now, I've setup CVSROOT/groups to mirror what I have setup in Active 
> Directory:
> 
> CorpWebappsCvs: user1 user2 user3 user4
> CorpWebappsCvsCreative: user1 user2 user3 user4 user5 user6
> 
> File permissions in the repository are CorpWebappsCvs is the group owner 
> of directories/files, directories are also +SGID. I've tested checkout 
> of the files and I didn't run into any problems. However, testing 
> check-in with a user in the first group (CorpWebappsCvs) doesn't appear 
> to work. Here's the error I get:
> 
> cvs server: User user4 is unable to write modified file 
> /cvs/repo/sites/fiskarsbrands.com/mgmt.jsp
> cvs [server aborted]: correct above errors first!
> 
> 'cvs lsacl' shows the following for the module I'm in:
> 
> Directory: .
> Owner: bruth
>  default:r
>  CorpWebappsCvs:rwc
> 
> (Quick aside - when I run chacl on a directory, do I need to checkin 
> those files, then? How does the server get notified of these ACLs?) 
> Another aside - for ACLs to work, does the CVS client have to be CVSNT? 
> We mostly use Eclipse to access our CVS repositories.
> 
> I've googled & RTFM'd both the CVSNT manual as well as the Wiki and its 
> gotten me to this point (which is pretty far, actually). Any help would 
> be appreciated.
> 
> Thanks!
> Brice Ruth
> 
> p.s. Here's my xinetd conf for cvspserver
> # default: off
> # description: The CVS pserver protocol allows remote access to a CVS \
> #              repository.
> service cvspserver
> {
>        socket_type             = stream
>        wait                    = no
>        user                    = root
>        group                   = cvsgroup
>        log_type                = FILE /var/log/cvspserver
>        server                  = /usr/bin/cvs
>        server_args             = pserver
>        log_on_success  += HOST DURATION
>        log_on_failure  += HOST USERID
>        disable                 = no
>        port                    = 2401
>        only_from               = 10.5.0.0/16
> }
> 
> And here's my /etc/cvsnt/PServer file (abbreviated):
> Repository0=/cvs/repo/java
> Repository1=/cvs/repo/sites
> NoReverseDns=0
> LockServer=localhost:2402
> FakeUnixCvs=0
>

More information about the cvsnt mailing list